Missing in Michaels Data Breach: Harm To Consumers | Digital Guardian

A thief tries to open a safe in a bank
A federal court has thrown out a class action suit against Michaels Craft Stores, saying that the plaintiff couldn’t prove she was damaged as a result of her information being stolen.

In-brief: A federal court has thrown out a class action suit against Michaels Craft Stores, saying that the plaintiff couldn’t prove she was damaged as a result of her information being stolen. The basis for the ruling: a 2013 Supreme Court case concerning the government’s secretive FISA courts. 

Back in June we wrote about how a two-year old ruling by the Supreme Court in a case known as “Clapper v. Amnesty International” was being used by companies that had suffered from data breaches to question their customers’ right to sue for damages.

Back then, it was Home Depot that cited the Clapper v. Amnesty case, which concerned the human rights’ group’s efforts to discover information on the secretive Foreign Intelligence Surveillance Act (FISA) court, to invalidate consumers’ right to sue for damages related to a massive theft of credit cards from that company in 2014.

In essence, Home Depot argued that consumers don’t have standing to bring suit against the company because they can’t prove harm from the breach – in the same way that the government charged Amnesty International couldn’t bring suit against the U.S. government over the conduct of the Foreign Intelligence Surveillance Act (FISA) court because it couldn’t prove “standing” to sue. (In September, the company made a similar argument in asking the court to dismiss a lawsuit filed against it by banks.)

While the court has yet to rule on Home Depot’s motions, the craft store Michaels appears to have scored a victory using the “Amnesty v Clapper” case to get a class action lawsuit against it thrown out by a federal judge in New York state.

From Digital Guardian’s blog:

As part of her ruling, the judge, Joanna Seybert, cited a legal precedent set by the recent Supreme Court ruling in “Clapper v. Amnesty International,” concluding that the plaintiffs hadn’t proven that any harm resulted from the Michaels breach.

“Simply put, Whalen has not asserted any injuries that are ‘certainly impending’ or based on a ‘substantial risk that the harm will occur,’” Seybert wrote in her decision, referring to Mary Jane Whalen, the Michaels customer in whose name the class action suit was filed. “Thus, Whalen’s claims are DISMISSED WITHOUT PREJUDICE for lack of subject matter jurisdiction,” Seybert concluded.

This isn’t to say that Whalen or other Michaels stores customers were not the target of fraudsters. In fact, Whalen’s attorneys presented evidence that her stolen credit card (or a clone of it) was presented for payment fraudulently in Ecuador: at a local gym and at a venue that sold concert tickets. But regulations in the U.S. exempt consumers from paying the cost of credit card fraud, and Whalen wasn’t asked to pay any unreimbursed charges as a result of the fraudulent use, the court noted.

Source: Missing in Michaels Data Breach: Harm To Consumers | Digital Guardian

Spread the word!

One Comment

  1. On Home Depot c/c hacking.What about citi bank Home Depot c/c holder? I spent years in WI fed court .A H/d employee hacked my c/c info and others,back in 2005.By going into the pos.system and running off full c/c .In my case Citi Bank and Home Depot worked together.City Bank never told the other c/c holders that there info was hacked. Read my blog. http://Www.hdpos.blog and see the copy of the hacked pos.for the H/D employee and the fax leaving the store. Or call me Tim 920-609-0087